MalwareRemoval.com - Malware Removal Instructions

need help removing any malware

Post by agl01 » June 15th, 2011, 6:51 pm

This is the log file from HijackThis. My computer loads very slowly on startup, particularly IE8 and Outlook Express:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:39:50 PM, on 6/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: StartNowToolbarHelper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\PROGRA~1\SHAREA~1\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\PROGRA~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\PROGRA~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyShelter] C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk
O4 - Global Startup: Adobe Reader Synchronizer.lnk
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Toolbar Updater Service - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10676 bytes
agl01
Regular Member
Posts: 23
Joined: June 15th, 2011, 6:45 pm

Re: need help removing any malware

Post by melboy » June 18th, 2011, 9:54 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


========================================================


DDS

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Temporarily disable any real-time active protection and then double click dds.scr to run the tool. A command window will appear, this is normal.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of :
  • DDS.txt
  • Attach.txt
And post them in your next reply.

Re-enable any real-time protection you disabled during the running of DDS.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: need help removing any malware

Post by agl01 » June 18th, 2011, 2:58 pm

Here's what I have from that:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 13:55:08 on 2011-06-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2469 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\toolbar\imeshdtxmltbpi.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\program files\windows searchqu toolbar\toolbar\SearchquDx.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: UrlHelper Class: {cfc4f59b-a2da-4e12-b337-52a4f871e10c} - c:\progra~1\sharea~1\mediabar\datamngr\IEBHO.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: MediaBar: {ee9a4208-64ec-11de-8440-204256d89593} - c:\progra~1\sharea~1\mediabar\toolbar\ShareazaMediabarDx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\program files\windows searchqu toolbar\toolbar\SearchquDx.dll
TB: MediaBar: {ee9a4208-64ec-11de-8440-204256d89593} - c:\progra~1\sharea~1\mediabar\toolbar\ShareazaMediabarDx.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\toolbar\imeshdtxmltbpi.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpyShelter] c:\program files\spyshelter personal free\SpyShelter.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\www.update
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6968886C-7FB3-4ADD-86DC-AF2A1D778319} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Shareaza Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.shareazaweb.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda ... 2_0yatb&p=
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.6.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\shareaza applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - c:\documents and settings\all users\application datamozilla\extensions\superfish@superfish.com
FF - Ext: Bandoo for Firefox: firefox@bandoo.com - %profile%\extensions\firefox@bandoo.com
FF - Ext: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - %profile%\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
FF - Ext: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - %profile%\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-1-19 28552]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R1 SpyShelter;SpyShelter;c:\program files\spyshelter personal free\SpyShelter.sys [2011-1-25 158192]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-1-18 47640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2011-3-4 584488]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
R2 Toolbar Updater Service;Toolbar Updater Service;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-3-24 199904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-15 1684736]
S3 mr8980;Digital Wireless Camera;c:\windows\system32\drivers\mr8980.sys [2010-7-16 69632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-06-17 12:51:42 -------- d-----w- C:\0936a25e2e974c8c1057
2011-06-16 22:17:32 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 12:25:49 50247 ----a-w- c:\program files\common files\microsoft shared\proof\Uninstal.exe
2011-06-16 02:45:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 00:02:28 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
2011-06-15 23:22:58 29544 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2011-06-15 23:05:02 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-15 22:38:51 -------- d-----w- c:\program files\Trend Micro
2011-06-15 00:53:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-15 00:53:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-14 23:34:08 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 01:01:45 -------- d-----w- c:\windows\system32\CatRoot2
2011-05-30 22:39:43 -------- d-----w- c:\documents and settings\user\application data\Superfish
2011-05-30 22:39:23 -------- d-----w- c:\program files\Superfish
2011-05-30 22:39:23 -------- d-----w- c:\program files\StartNow Toolbar
2011-05-30 22:39:12 -------- d-----w- c:\documents and settings\all users\Application DataMozilla
2011-05-30 17:34:32 -------- d-----w- C:\48ff03d23d8e16dee0
2011-05-28 13:10:12 -------- d-----w- c:\program files\Nero
2011-05-28 13:10:04 -------- d-----w- c:\documents and settings\all users\application data\Nero
2011-05-28 13:09:14 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-05-28 13:09:02 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-05-28 13:08:55 -------- d-----w- c:\windows\Logs
.
==================== Find3M ====================
.
2011-05-04 03:04:16 28672 ----a-w- c:\windows\system32\SpyShelterShellExt.dll
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 13:56:18.59 ===============
agl01
Regular Member
Posts: 23
Joined: June 15th, 2011, 6:45 pm
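
The HijackThis log in the first post and the DDS "Pseudo HJT Report" in this one are what the helper reads by eye. As an added example, not a tool from MalwareRemoval.com or from the authors of HijackThis or DDS, the Python script below parses the entry shapes both logs use and applies the checks a helper would apply: every DLL listed in AppInit_DLLs (those are loaded into each process that loads user32.dll), the same CLSID registered under two display names (in the logs above {D4027C7F-...} appears as "Ask Toolbar BHO" in O2 and "Nero Toolbar" in O3, same DLL), a service whose executable carries no company name in its version information (HijackThis prints "Unknown owner"), a hosts-file line that sinkholes a name, and add-on paths or Firefox prefs matching a keyword list. The keyword list is an assumption for illustration, not an adware blocklist; the sample lines are copied from the two posted logs. Every hit is a review item, not a verdict.

```python
"""Triage checks over HijackThis and DDS 'pseudo HJT' log lines.

Added example, not a tool from MalwareRemoval.com or from the authors of
HijackThis or DDS. Regexes follow the line shapes visible in the thread.
"""
import re
from collections import defaultdict

# ASSUMPTION: names that appear in the posted logs and that a helper would
# want to look at. Not an authoritative adware blocklist.
REVIEW_KEYWORDS = ("searchqu", "bandoo", "startnow", "superfish",
                   "mediabar", "ask.com", "shareazaweb")

# One regex per entry shape. HJT lines (O2/O3/O20/O23) and the DDS
# "pseudo HJT" lines (BHO:/TB:/AppInit_DLLs:/Hosts:/FF - prefs.js:) are covered.
RE_ADDON_HJT = re.compile(r"^O[23] - (?:BHO|Toolbar): (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
RE_ADDON_DDS = re.compile(r"^(?:BHO|TB): (.*?): \{([0-9A-Fa-f-]+)\} - (.*)$")
RE_APPINIT = re.compile(r"^(?:O20 - )?AppInit_DLLs: (.*)$")
RE_SERVICE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
RE_HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
RE_FFPREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")

PARSERS = (("addon", RE_ADDON_HJT), ("addon", RE_ADDON_DDS),
           ("appinit", RE_APPINIT), ("service", RE_SERVICE),
           ("hosts", RE_HOSTS), ("ffpref", RE_FFPREF))


def parse(text):
    """Yield (kind, groups) for every line matching one of the entry shapes."""
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in PARSERS:
            m = rx.match(line)
            if m:
                yield kind, m.groups()
                break


def triage(text):
    """Return a sorted list of (check, detail) review items for one log."""
    findings = set()
    names_by_clsid = defaultdict(set)
    for kind, f in parse(text):
        if kind == "addon":
            name, clsid, path = f
            names_by_clsid[clsid.lower()].add(name)
            if any(k in path.lower() for k in REVIEW_KEYWORDS):
                findings.add(("addon_keyword", path))
        elif kind == "appinit":
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so every entry deserves a look regardless of vendor. Splitting on
            # whitespace assumes 8.3 short paths, as in the posted logs.
            dlls = [d.lower() for d in f[0].split()]
            for d in dlls:
                findings.add(("appinit_dll", d))
            if len(dlls) != len(set(dlls)):
                findings.add(("appinit_duplicate", f[0]))
        elif kind == "service":
            _name, owner, path = f
            # HijackThis prints "Unknown owner" when the service executable has
            # no company name in its version information.
            if owner.strip().lower() == "unknown owner":
                findings.add(("service_unknown_owner", path))
        elif kind == "hosts":
            addr, host = f
            # A hosts line that sinkholes a name is a review item, not a
            # verdict: some immunisation tools add such lines on purpose.
            if addr in ("127.0.0.1", "0.0.0.0"):
                findings.add(("hosts_sinkhole", host))
        elif kind == "ffpref":
            pref, value = f
            if any(k in value.lower() for k in REVIEW_KEYWORDS):
                findings.add(("ffpref_keyword", f"{pref}={value}"))
    # The same CLSID registered under two display names (here the Ask toolbar
    # rebadged as "Nero Toolbar") is a classic thing to spot in O2/O3.
    for clsid, names in names_by_clsid.items():
        if len(names) > 1:
            findings.add(("clsid_multiple_names", f"{clsid}: {sorted(names)}"))
    return sorted(findings)


# Sample input: lines copied from the two logs posted in this thread (a mix of
# HijackThis and DDS formats, chosen to exercise each check).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O20 - AppInit_DLLs: c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Toolbar Updater Service - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\program files\windows searchqu toolbar\toolbar\SearchquDx.dll
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.startup.homepage - hxxp://search.shareazaweb.com/
"""

if __name__ == "__main__":
    for check, detail in triage(SAMPLE_LOG):
        print(f"{check:22} {detail}")
```

Run it against a full pasted log (`python triage.py < log.txt` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) and the output is a short list to check by hand; the keyword check is deliberately the weakest one, while the AppInit_DLLs and CLSID-reuse checks need no list at all.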

Re: need help removing any malware

Post by melboy » June 18th, 2011, 6:17 pm

DDS

When you ran DDS it will have produced two logs, please copy & paste the contents of :

  • Attach.txt

And post it in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: need help removing any malware

Post by agl01 » June 18th, 2011, 7:19 pm

Here's the total file:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2010 8:37:21 PM
System Uptime: 6/18/2011 7:42:38 AM (6 hours ago)
.
Motherboard: Intel Corporation | | D915GAG
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 249.212 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&5A988DE&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&5A988DE&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP1: 6/17/2011 7:57:07 AM - System Checkpoint
RP2: 6/17/2011 8:05:12 AM - Software Distribution Service 3.0
RP3: 6/17/2011 8:09:17 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Mobile Device Support
Ask Toolbar
Bandoo
Blubster 3.1.1
Bonjour
BufferChm
CamGuard Security System (Home Edition) 4.0.14.223
Canon CanoScan Toolbox 4.1
Destinations
DeviceManagementQFolder
Digital Wireless Camera
dj_taplugin
eSupportQFolder
FileZilla Client 3.4.0
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
GemMaster Mystic
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet 6900 series
HP Imaging Device Functions 6.0
HP Photosmart Essential
HP Software Update
HP Solution Center and Imaging Support Tools 6.0
HPProductAssistant
ieSpell
InstallIQ Updater
Java(TM) 6 Update 16
LogMeIn
Malwarebytes' Anti-Malware
MapSource
MClient.exe
MediaBar
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Image Composer 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.6)
Nero 6 Enterprise Edition
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Nitro PDF Reader
OpenOffice.org 3.1
Otto
Panda ActiveScan 2.0
Panda Cloud Antivirus
Panda Security Toolbar
Panda Security URL Filtering
PDF-Viewer
PhotoMail Maker
PL-2303 USB-to-Serial
PowerDVD
PrimoPDF -- brought to you by Nitro PDF Software
Readme
RealPlayer Basic
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.3
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic Encoders
Spell Checker For OE 2.1
Spybot - Search & Destroy
SpyShelter Personal Free 5.20
StartNow Toolbar 2.0
Status
Studio
TomTom HOME
TrafficSeeker 8.0
TrayApp
Turbo Lister 2
Unload
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC_MergeModuleToMSI
Veetle TV 0.9.18
Watchtower Library 2005 - English Edition
WebFldrs XP
WebReg
Window Shopper
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - OEM (mr8980) Image (04/20/2007 1.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10 Hotfix - KB894476
Windows Searchqu Toolbar
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/17/2011 7:09:30 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Security Update for Windows XP (KB2476490).
6/17/2011 7:09:14 AM, error: NtServicePack [4379] - Windows XP Hotfix KB2476490 installation failed.
KB2476490 installation did not complete.
6/17/2011 7:08:40 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB2503665).
6/17/2011 7:08:35 AM, error: NtServicePack [4373] - Windows XP KB2503665 installation failed.
An internal error occurred.
6/16/2011 5:15:17 PM, error: NtServicePack [4379] - Windows XP Hotfix KB2544521-IE8 installation failed.
KB2544521 installation did not complete.
6/13/2011 8:00:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/13/2011 7:49:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/13/2011 7:21:39 AM, error: NtServicePack [4379] - Windows XP Hotfix KB2497640-IE8 installation failed.
Failed to add registry entry.
6/13/2011 5:35:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm pavboot PSINKNC SpyShelter
6/13/2011 5:29:14 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640).
6/13/2011 5:29:08 PM, error: NtServicePack [4379] - Windows XP Hotfix KB2497640-IE8 installation failed.
Failed to add registry entry.
6/13/2011 5:26:59 PM, error: NtServicePack [4379] - Windows XP Hotfix KB2497640-IE8 installation failed.
Failed to add registry entry.
6/12/2011 8:47:24 PM, error: NtServicePack [4379] - Windows XP Hotfix KB2497640-IE8 installation failed.
Failed to add registry entry.
6/12/2011 8:33:38 PM, error: NtServicePack [4379] - Windows XP Hotfix KB2497640-IE8 installation failed.
Failed to add registry entry.
6/12/2011 8:20:08 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
.
==== End Of File ===========================
agl01
Regular Member
 
Posts: 23
Joined: June 15th, 2011, 6:45 pm

Re: need help removing any malware

Unread postby melboy » June 19th, 2011, 5:01 am

Hello.

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate Blubster 3.1.1 and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.


Uninstall Programs

  • Click on Start
  • Click on Control Panel
  • Double click the Add/Remove Programs icon
  • Click on the first program in the list and click Remove
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.
Ask Toolbar
Bandoo
InstallIQ Updater
MediaBar
Panda Security Toolbar
StartNow Toolbar 2.0
Windows Searchqu Toolbar


Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • When GMER opens, it will run an initial quick scan. This should only take a few seconds, allow it to complete.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    [GMER options screenshot not reproduced here]
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or results in a BSoD, please inform me --

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: need help removing any malware

Unread postby agl01 » June 19th, 2011, 5:33 pm

here's the Gmer file:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-19 14:13:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD3200AAKS-00L9A0 rev.01.03E01
Running: ysf1zi26.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxriyfob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwAddBootEntry [0xA75B6616]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwConnectPort [0xA75B77FA]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwCreateSection [0xA75B741E]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwCreateThread [0xA75B5CB8]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDeleteBootEntry [0xA75B669A]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDeleteFile [0xA75B6DAA]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDeviceIoControlFile [0xA75B5D4C]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDuplicateObject [0xA75B63E8]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwFsControlFile [0xA75B6D4A]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwImpersonateClientOfPort [0xA75B6D06]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwImpersonateThread [0xA75B6CB8]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwLoadDriver [0xA75B7112]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwMapViewOfSection [0xA75B6FF0]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwModifyBootEntry [0xA75B6658]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwOpenProcess [0xA75B75EC]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwOpenSection [0xA75B7210]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwOpenThread [0xA75B76EC]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwProtectVirtualMemory [0xA75B72DE]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwQueueApcThread [0xA75B60FC]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwReplaceKey [0xA75B67E6]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwRequestWaitReplyPort [0xA75B8684]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwRestoreKey [0xA75B671E]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSecureConnectPort [0xA75B78E6]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetBootOptions [0xA75B66DC]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetContextThread [0xA75B6170]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetInformationFile [0xA75B6E0E]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetSystemInformation [0xA75B5FC8]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwShutdownSystem [0xA75B65C4]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSystemDebugControl [0xA75B61F2]
SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xA6413416]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwTerminateThread [0xA75C28C3]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwWriteVirtualMemory [0xA75B83C2]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CF4 80504590 2 Bytes [E8, 63]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D94 80504630 2 Bytes [F0, 6F]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D97 80504633 5 Bytes [A7, 58, 66, 5B, A7] {CMPSD ; POP EAX; POP BX; CMPSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2E08 805046A4 2 Bytes [DE, 72]
.text ntkrnlpa.exe!ZwCallbackReturn + 3038 805048D4 2 Bytes [C2, 83]
.Shltr1 C:\Program Files\SpyShelter Personal Free\SpyShelter.sys entry point in ".Shltr1" section [0xA75F5EBE]
.text win32k.sys!EngAcquireSemaphore + 20EE BF8082F7 5 Bytes JMP A75AC776 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP A75ADE58 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngFreeUserMem + 5BD0 BF80EE7E 5 Bytes JMP A75AC990 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A75AA872 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C754 5 Bytes JMP A75AA5CC \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP A75AB010 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateBitmap + 2C0B BF82A958 5 Bytes JMP A75AB4DA \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP A75AB592 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngUnmapFontFileFD + 43FD BF832E87 5 Bytes JMP A75AC67C \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP A75AA7F6 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCopyBits + 384F BF855783 5 Bytes JMP A75AA422 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP A75ABF6C \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!XLATEOBJ_iXlate + 3E87 BF8679EF 5 Bytes JMP A75AA4DC \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP A75AA106 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP A75AB674 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP A75AB178 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateDeviceSurface + 2767 BF8872BF 5 Bytes JMP A75B4A8A \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngGetCurrentCodePage + 77A0 BF89005A 5 Bytes JMP A75AB9D0 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngGetLastError + 1606 BF8A9C8A 5 Bytes JMP A75AB8E4 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreatePalette + 1C9 BF8BFAAD 5 Bytes JMP A75AC7D6 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP A75AC096 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP A75AA678 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP A75AA8DA \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP A75AAD08 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP A75AAEEA \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngDeleteSemaphore + CAD1 BF8F614A 5 Bytes JMP A75AABB8 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP A75ABA6C \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateClip + 48CC BF916E39 5 Bytes JMP A75AA252 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP A75AB0E0 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
? C:\DOCUME~1\user\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----
agl01
Regular Member
 
Posts: 23
Joined: June 15th, 2011, 6:45 pm

Re: need help removing any malware

Unread postby melboy » June 19th, 2011, 6:03 pm

Hi

Good.


Fix HijackThis entries

  • Run HijackThis
  • Click on the do a system scan only button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

    O2 - BHO: StartNowToolbarHelper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

    O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll

    O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

    O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\PROGRA~1\SHAREA~1\MediaBar\DataMngr\IEBHO.dll

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll

    O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\PROGRA~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll

    O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll

    O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\PROGRA~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll

    O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

    O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

    O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

    O20 - AppInit_DLLs: c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll

    O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe

    O23 - Service: Toolbar Updater Service - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.

REBOOT



TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.




In your next reply:
  1. OTL.txt
  2. Extras.txt
  3. MBAM log
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
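The HijackThis entries melboy lists above are easier to reason about as records than as lines: the same CLSID {D4027C7F-154A-4066-A1AD-4243D8127440} appears under O2 as "Ask Toolbar BHO" and under O3 as "Nero Toolbar", both backed by GenericAskToolbar.dll, and the O20 AppInit_DLLs value names datamngr.dll twice. The Python below is an added example for this thread, not HijackThis code and not something either participant ran. It parses O2, O3, O20 and O23 lines into records, groups BHO and toolbar entries by CLSID, de-duplicates the AppInit_DLLs list, and matches entries to a program name from the uninstall list so a helper can see which log lines each uninstall should clear. SAMPLE is a subset of the entries in the post above.

```python
"""Parse HijackThis O2/O3/O20/O23 lines and relate them to a program being removed.

Added example for this thread; it is not HijackThis code. SAMPLE is a subset
of the entries listed in the post above.
"""
import re
from collections import defaultdict

# O2 - BHO: <name> - {CLSID} - <dll>       O3 - Toolbar: <name> - {CLSID} - <dll>
O2_O3_RE = re.compile(
    r"^(?P<sec>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)
# O20 - AppInit_DLLs: <dll> <dll> ...   (space- or comma-separated; paths may repeat)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+?)\s*$")
# O23 - Service: <display name> - <company> - <image path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.+?)\s*$")

# Subset of the entries from the post above.
SAMPLE = r"""
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O20 - AppInit_DLLs: c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
"""


def parse_hjt(text):
    """One dict per entry: sec, kind, name, clsid, path (path lower-cased).
    An O20 line with several DLLs becomes one entry per DLL."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_O3_RE.match(line)
        if m:
            entries.append({"sec": m["sec"], "kind": m["kind"], "name": m["name"],
                            "clsid": m["clsid"].upper(), "path": m["path"].lower()})
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that maps user32.dll, so each
            # DLL here is a system-wide injection point, not just an IE add-on.
            for dll in re.split(r"[ ,]+", m["dlls"]):
                entries.append({"sec": "O20", "kind": "AppInit_DLLs", "name": None,
                                "clsid": None, "path": dll.lower()})
            continue
        m = O23_RE.match(line)
        if m:
            entries.append({"sec": "O23", "kind": "Service", "name": m["name"],
                            "clsid": None, "path": m["path"].lower()})
    return entries


def appinit_dlls(entries):
    """Distinct DLLs named in AppInit_DLLs, in first-seen order."""
    seen = []
    for e in entries:
        if e["sec"] == "O20" and e["path"] not in seen:
            seen.append(e["path"])
    return seen


def by_clsid(entries):
    """Map each CLSID to the (section, display name, dll) tuples registered under it.
    A BHO and a toolbar sharing a CLSID and DLL are one component registered twice,
    whatever display names they carry, so both lines must be fixed together."""
    groups = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            groups[e["clsid"]].append((e["sec"], e["name"], e["path"]))
    return dict(groups)


def entries_for(entries, keyword):
    """Entries whose path or display name mentions keyword (case-insensitive),
    e.g. a program name from the uninstall list."""
    k = keyword.lower()
    return [e for e in entries
            if k in e["path"] or (e["name"] and k in e["name"].lower())]


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE)
    for clsid, uses in by_clsid(ents).items():
        print(clsid, "->", [(sec, name) for sec, name, _ in uses])
    print("AppInit_DLLs:", appinit_dlls(ents))
    for program in ("Bandoo", "Ask.com"):
        print(program, "->", [(e["sec"], e["path"]) for e in entries_for(ents, program)])
```

Running the script against the full list in the post gives, per uninstall target, the O2/O3/O20/O23 lines that should disappear once that program is gone; anything left over after the uninstalls and the HijackThis fix is what still needs attention in the next log.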

Re: need help removing any malware

Unread postby agl01 » June 19th, 2011, 9:45 pm

otl:
OTL logfile created on: 6/19/2011 8:28:31 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\user\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 80.55% Memory free
5.05 Gb Paging File | 4.62 Gb Available in Paging File | 91.53% Paging File free
Paging file location(s): C:\pagefile.sys 2287 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 250.02 Gb Free Space | 83.88% Space Free | Partition Type: NTFS

Computer Name: USER-EEBF5B7991 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/19 20:26:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
PRC - [2011/05/30 11:20:10 | 002,565,616 | ---- | M] () -- C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/02/24 08:36:15 | 000,423,232 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/01/14 13:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2010/12/16 19:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/14 14:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/06/19 20:26:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/01/14 13:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/12/16 19:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/03/14 14:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/30 11:21:18 | 000,158,192 | ---- | M] (SpyShelter) [Kernel | System | Running] -- C:\Program Files\SpyShelter Personal Free\SpyShelter.sys -- (SpyShelter)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/16 19:12:59 | 000,113,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2010/12/16 19:12:51 | 000,111,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2010/12/16 19:12:42 | 000,130,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2010/12/16 19:12:34 | 000,097,352 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/12/16 19:12:26 | 000,141,768 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/16 09:15:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/11 18:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/08/05 11:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/06/23 18:53:32 | 000,069,632 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr8980.sys -- (mr8980)
DRV - [2007/08/22 04:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/04 06:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/07/22 10:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 10:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 10:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/07/16 16:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/07 17:37:18 | 000,014,133 | ---- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Shareaza Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Shareaza Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: firefox@bandoo.com:5.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledItems: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.1.0.00
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.8
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=panda2_0yatb&p="


FF - HKLM\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Documents and Settings\All Users\Application DataMozilla\Extensions\superfish@superfish.com [2011/06/15 18:32:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/21 18:35:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 18:22:58 | 000,000,000 | ---D | M]

[2010/11/04 20:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/06/19 08:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions
[2011/01/20 18:43:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/03 17:11:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/05 16:08:21 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)
[2011/02/21 18:57:11 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)
[2010/11/04 20:30:01 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}
[2011/01/20 19:09:37 | 000,000,000 | ---D | M] (NextGen AntiKeylogger) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\nextgenakl@maxsecurity.lab.ltd
[2011/01/08 15:04:53 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com
[2011/05/30 17:39:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\bing-zugo.xml
[2010/08/24 19:33:23 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\MyStart Search.xml
[2010/04/12 16:01:50 | 000,005,495 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\SearchquWebSearch.xml
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\ShareazaWebSearch.xml
[2011/06/15 19:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/15 19:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{7FF99715-3016-4381-84CE-E4E4C9673020}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\FIREFOX@BANDOO.COM
[2010/06/15 18:34:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\SHAREAZA APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[1999/12/31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010/04/12 16:01:50 | 000,005,495 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml

O1 HOSTS File: ([2010/06/30 15:09:45 | 000,411,396 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14217 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [SpyShelter] C:\Program Files\SpyShelter Personal Free\SpyShelter.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo - No CLSID value found
O18 - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/03 20:34:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/19 20:26:19 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
[2011/06/19 20:15:03 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/19 20:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/19 20:14:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/19 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/19 20:13:49 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup-1.51.0.1200.exe
[2011/06/19 20:04:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\TFC.exe
[2011/06/19 20:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\backups
[2011/06/19 08:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\netframe
[2011/06/18 13:54:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Administrative Tools
[2011/06/17 07:51:42 | 000,000,000 | ---D | C] -- C:\0936a25e2e974c8c1057
[2011/06/16 17:17:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/16 07:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Spell Checker For OE 2.1
[2011/06/15 19:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/06/15 19:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/06/15 18:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/06/15 18:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/06/15 18:05:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\user\My Documents\HijackThis.exe
[2011/06/15 18:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Updater5
[2011/06/15 17:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\HiJackThis
[2011/06/15 17:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/14 20:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/13 20:01:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/05/30 17:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Superfish
[2011/05/30 17:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Superfish
[2011/05/30 17:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMozilla
[2011/05/30 17:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/05/30 12:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpyShelter
[2011/05/30 12:34:32 | 000,000,000 | ---D | C] -- C:\48ff03d23d8e16dee0
[2011/05/28 08:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\CD BURN LIST
[2011/05/28 08:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Nero
[2011/05/28 08:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/05/28 08:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/05/28 08:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011/05/28 08:08:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs

========== Files - Modified Within 30 Days ==========

[2011/06/19 20:26:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
[2011/06/19 20:13:49 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup-1.51.0.1200.exe
[2011/06/19 20:10:34 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-user-Startup.job
[2011/06/19 20:09:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 20:04:54 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\TFC.exe
[2011/06/19 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/19 16:41:32 | 000,519,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/19 16:41:32 | 000,095,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 16:37:14 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 16:34:05 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/19 09:41:01 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EBD685C4-8CE4-42A7-A4DA-9B8ED27675CF}.job
[2011/06/19 09:37:28 | 000,127,439 | ---- | M] () -- C:\Documents and Settings\user\My Documents\instruc.jpg
[2011/06/19 08:47:57 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\user\My Documents\ysf1zi26.exe
[2011/06/18 08:17:02 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2011/06/17 08:14:12 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/17 08:06:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 07:57:55 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/17 07:49:03 | 000,304,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/15 18:05:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\user\My Documents\HijackThis.exe
[2011/06/15 18:05:02 | 000,002,799 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk
[2011/06/03 09:05:39 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Burning ROM 10.lnk
[2011/05/30 12:52:42 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\user\Desktop\SpyShelter Personal Free.lnk
[2011/05/30 12:28:12 | 000,012,600 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\k53phh05m63xl61w50p78u3805prg
[2011/05/30 12:28:12 | 000,012,600 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\k53phh05m63xl61w50p78u3805prg
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/19 09:36:13 | 000,127,439 | ---- | C] () -- C:\Documents and Settings\user\My Documents\instruc.jpg
[2011/06/19 08:47:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\user\My Documents\ysf1zi26.exe
[2011/06/15 17:38:52 | 000,002,799 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk
[2011/05/30 09:32:33 | 000,012,600 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\k53phh05m63xl61w50p78u3805prg
[2011/05/30 09:32:33 | 000,012,600 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k53phh05m63xl61w50p78u3805prg
[2011/05/28 08:10:48 | 000,002,427 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Burning ROM 10.lnk
[2011/05/18 10:25:53 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/03/26 16:20:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/03/22 17:56:27 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2011/02/21 19:04:25 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/02/07 19:16:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dataguard.sys
[2011/01/25 18:11:00 | 001,740,800 | ---- | C] () -- C:\WINDOWS\System32\Osklauncher.exe
[2011/01/25 18:11:00 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\inject_logon_dll.dll
[2011/01/25 18:11:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SpyShelterShellExt.dll
[2011/01/20 19:08:26 | 001,091,072 | ---- | C] () -- C:\WINDOWS\System32\nextgenakl.dll
[2011/01/20 19:08:26 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\nextgenakl_ldr.dll
[2011/01/10 19:58:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/23 08:28:58 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/15 13:56:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
[2010/07/19 19:30:03 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Settings.cfg
[2010/07/16 17:12:32 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LPng.dll
[2010/07/02 08:08:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/01 15:17:04 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/01 09:51:17 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\user\Application Data\SharedSettings.ccs
[2010/07/01 06:31:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/30 17:15:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/30 15:51:50 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\dbrename7.exe
[2010/06/30 15:46:33 | 000,105,001 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2010/06/30 15:46:33 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2010/06/30 15:32:27 | 000,000,794 | ---- | C] () -- C:\WINDOWS\Studio7.ini
[2010/06/30 15:31:30 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010/06/30 15:31:30 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010/06/30 15:31:30 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010/06/30 15:31:30 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010/06/30 15:31:30 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2010/06/30 12:14:55 | 000,009,321 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Comma Separated Values (Windows).EML
[2010/06/30 10:18:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/15 18:35:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010/06/04 17:15:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2010/06/03 20:37:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 20:31:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/03 13:05:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/03 13:04:00 | 000,304,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/06/24 19:50:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr8980if.dll
[2005/10/27 04:51:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/08/05 16:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,519,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,095,050 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 18:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/12/29 11:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll

========== LOP Check ==========

[2011/01/07 16:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/28 09:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/07/01 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software
[2011/03/24 17:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/10/07 18:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/08/24 19:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/08/24 19:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/06/19 16:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/05/18 10:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/03/25 07:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/02/21 18:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/02/21 19:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2010/08/24 19:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/07/02 08:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2011/06/19 20:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/19 12:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/22 15:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AskToolbar
[2011/03/28 09:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canneverbe Limited
[2011/06/04 10:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canon
[2010/07/01 10:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CoffeeCup Software
[2010/09/19 12:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\com.w3i.musicoasis
[2010/07/19 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dynamic
[2011/06/16 07:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FileZilla
[2010/10/07 18:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GARMIN
[2010/07/01 09:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GlobalSCAPE
[2010/07/16 16:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Guarding Recorder
[2010/06/30 15:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Image Zone Express
[2011/03/28 09:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\imeshbandmltbpi
[2011/05/19 06:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nitro PDF
[2011/03/25 06:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nuance
[2011/03/28 09:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ooVoo Details
[2011/05/18 10:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenCandy
[2010/06/15 18:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2011/01/07 16:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Panda Security
[2011/02/05 16:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\pandasecuritytb(2)
[2011/02/21 18:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\pandasecuritytb(3)
[2011/05/18 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PrimoPDF
[2011/01/20 18:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Runscanner.net
[2010/07/19 18:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\shareazamediabartb
[2010/11/01 17:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Singlesnet
[2010/07/19 19:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SiteClasses
[2010/07/19 19:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sites
[2011/02/05 16:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SpyShelter
[2011/02/05 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SpyShelter(2)
[2011/05/30 17:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Superfish
[2010/06/30 15:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TomTom
[2011/03/22 17:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Watchtower
[2011/03/24 17:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Zeon
[2011/06/19 20:10:34 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-user-Startup.job
[2011/06/19 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/19 09:41:01 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EBD685C4-8CE4-42A7-A4DA-9B8ED27675CF}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\user\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\user\My Documents\Music Downloads:Shareaza.GUID
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C43ED645

< End of report >


EXTRAS:

OTL Extras logfile created on: 6/19/2011 8:28:31 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\user\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 80.55% Memory free
5.05 Gb Paging File | 4.62 Gb Available in Paging File | 91.53% Paging File free
Paging file location(s): C:\pagefile.sys 2287 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 250.02 Gb Free Space | 83.88% Space Free | Partition Type: NTFS

Computer Name: USER-EEBF5B7991 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2881063B-C58F-49EB-97FD-8BF58EC580F9}" = Nitro PDF Reader
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1570454-ED12-4050-A7AC-9282C7AFB23C}" = Window Shopper
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A128D8-6636-4293-BC1A-041B65A9E139}" = Digital Wireless Camera
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C27AF593-1464-4805-9F17-574F595212C0}" = Watchtower Library 2005 - English Edition
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D02220CE-1475-4F0F-9F12-251161999D53}" = Garmin MapSource
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF7CFCDF-08ED-4BFA-8980-9F8F3A9596B3}" = TrafficSeeker 8.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9ACF7F7-DB80-49B4-A1BC-63DB90913E67}_is1" = CamGuard Security System (Home Edition) 4.0.14.223
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"135D0C8BC13A45369E2154E1FAC3FB2C47755A80" = Windows Driver Package - OEM (mr8980) Image (04/20/2007 1.0.0.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CamGuard Security System Remote Client_is1" = MClient.exe
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Image Composer" = Microsoft Image Composer 1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MapSource" = MapSource
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Security URL Filtering" = Panda Security URL Filtering
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 6.0" = RealPlayer Basic
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"SpyShelter_is1" = SpyShelter Personal Free 5.20
"StudioDV" = Studio
"TomTom HOME" = TomTom HOME
"Veetle TV" = Veetle TV 0.9.18
"WebDesigner" = Microsoft Expression Web
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2011 6:01:30 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.

Error - 5/18/2011 6:18:15 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19046, fault address 0x000f9752.

Error - 5/20/2011 6:15:57 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.

Error - 5/25/2011 6:27:42 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.

Error - 5/25/2011 6:27:58 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.

Error - 5/28/2011 8:56:46 AM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.

Error - 5/29/2011 8:21:36 AM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.

Error - 5/29/2011 8:21:39 AM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1001
Description = Fault bucket 1991255601.

Error - 5/30/2011 7:16:58 PM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.

Error - 6/7/2011 8:09:30 AM | Computer Name = USER-EEBF5B7991 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
oeplugin.dll, version 0.0.0.0, fault address 0x000381ec.

[ System Events ]
Error - 6/13/2011 8:49:47 PM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/13/2011 8:49:48 PM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/13/2011 8:49:52 PM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/13/2011 9:00:34 PM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/16/2011 6:15:17 PM | Computer Name = USER-EEBF5B7991 | Source = NtServicePack | ID = 921883
Description = Windows XP Hotfix KB2544521-IE8 installation failed. KB2544521 installation
did not complete.

Error - 6/17/2011 8:08:35 AM | Computer Name = USER-EEBF5B7991 | Source = NtServicePack | ID = 921877
Description = Windows XP KB2503665 installation failed. An internal error occurred.


Error - 6/17/2011 8:08:40 AM | Computer Name = USER-EEBF5B7991 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007054f: Security Update for Windows XP (KB2503665).

Error - 6/17/2011 8:09:14 AM | Computer Name = USER-EEBF5B7991 | Source = NtServicePack | ID = 921883
Description = Windows XP Hotfix KB2476490 installation failed. KB2476490 installation
did not complete.

Error - 6/17/2011 8:09:30 AM | Computer Name = USER-EEBF5B7991 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f01f: Security Update for Windows XP (KB2476490).

Error - 6/17/2011 8:57:16 AM | Computer Name = USER-EEBF5B7991 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.


< End of report >


MBAM:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6897

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/19/2011 8:19:40 PM
mbam-log-2011-06-19 (20-19-40).txt

Scan type: Quick scan
Objects scanned: 174833
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
agl01
Regular Member
 
Posts: 23
Joined: June 15th, 2011, 6:45 pm

Re: need help removing any malware

Unread post by melboy » June 20th, 2011, 3:27 pm

Hi

Let me know how things are running after running OTL.


OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :otl
    FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
    FF - prefs.js..browser.search.order.1: "Shareaza Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Shareaza Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
    FF - prefs.js..extensions.enabledItems: firefox@bandoo.com :5.0
    FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
    FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
    FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
    FF - prefs.js..extensions.enabledItems: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.1.0.00
    FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=panda2_0yatb&p="
    [2011/02/05 16:08:21 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)
    [2011/02/21 18:57:11 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)
    [2010/11/04 20:30:01 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}
    [2011/01/08 15:04:53 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com
    [2011/05/30 17:39:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\bing-zugo.xml
    [2010/08/24 19:33:23 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\MyStart Search.xml
    [2010/04/12 16:01:50 | 000,005,495 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\SearchquWebSearch.xml
    [2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\ShareazaWebSearch.xml
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{7FF99715-3016-4381-84CE-E4E4C9673020}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\FIREFOX@BANDOO.COM
    File not found (No name found) -- C:\PROGRAM FILES\SHAREAZA APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
    [2010/04/12 16:01:50 | 000,005,495 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    [2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\IEBHO.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not found
    @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\user\My Documents\Shareaza Downloads:Shareaza.GUID
    @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\user\My Documents\Music Downloads:Shareaza.GUID
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C43ED645
    
    :files
    C:\WINDOWS\tasks\Registry Reviver-user-Startup.job
    C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    C:\Documents and Settings\user\Local Settings\Application Data\k53phh05m63xl61w50p78u3805prg
    C:\Documents and Settings\All Users\Application Data\k53phh05m63xl61w50p78u3805prg
    C:\Documents and Settings\user\Application Data\AskToolbar
    C:\Documents and Settings\user\Application Data\imeshbandmltbpi
    C:\Documents and Settings\user\Application Data\OpenCandy
    C:\Documents and Settings\user\Application Data\shareazamediabartb
    C:\Documents and Settings\user\Application Data\pandasecuritytb(2)
    C:\Documents and Settings\user\Application Data\pandasecuritytb(3)
    
    :commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
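For readers who want to pull the same kinds of entries out of an OTL log mechanically, here is an added Python example (editor's code, not part of OTL or of melboy's instructions). The sample input consists of lines copied from the logs quoted above; the :otl/:files labels simply mirror the sections melboy's script uses for each entry type, and the regexes are written against the line shapes visible on this page.

```python
"""Triage for OTL-format log lines (added example; not part of OTL or of melboy's post).

Recognises the line shapes quoted in this thread and returns the entries a helper
usually acts on: search/homepage prefs, Firefox extension IDs still enabled in
prefs.js whose folder OTL reported as missing, AppInit_DLLs entries (a DLL listed
there is loaded into every process that loads user32.dll), alternate data streams
and .job scheduled tasks. The :otl/:files labels follow melboy's script above.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the OTL output quoted earlier in this thread.
SAMPLE_LOG = r"""
FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
FF - prefs.js..extensions.enabledItems: firefox@bandoo.com :5.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
[2010/11/04 20:30:01 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\{7FF99715-3016-4381-84CE-E4E4C9673020}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22NSM24Y.DEFAULT\EXTENSIONS\FIREFOX@BANDOO.COM
O20 - AppInit_DLLs: (c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not found
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C43ED645
[2011/06/19 20:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
"""

PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): (?P<value>.+)$')
MISSING_RE = re.compile(r'^File not found \(No name found\) -- (?P<path>.+)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: \((?P<short>[^)]*)\) - (?P<rest>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$')
ENTRY_RE = re.compile(
    r'^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\]'
    r' \((?P<company>[^)]*)\) -- (?P<path>.+)$')
# prefs.js keys that decide where searches and the start page go
SEARCH_PREFS = ('browser.search.', 'browser.startup.homepage', 'keyword.URL')


@dataclass
class Finding:
    kind: str     # short category label
    detail: str   # what the log line said
    section: str  # fix-script section melboy's script uses for this entry type


def _basename(path: str) -> str:
    """Last path component, lower-cased (OTL upper-cases 'File not found' paths)."""
    return path.rstrip('\\').rsplit('\\', 1)[-1].lower()


def triage(log_text: str) -> list:
    """Parse OTL-format lines and return the entries worth a helper's attention."""
    findings = []
    enabled_ids = []   # extension IDs from extensions.enabledItems
    missing = []       # folder names OTL reported as 'File not found'
    for raw in log_text.splitlines():
        line = raw.strip()   # tolerate the indentation of a pasted forum quote
        if not line:
            continue
        if m := PREF_RE.match(line):
            pref, value = m['pref'], m['value']
            if pref == 'extensions.enabledItems':
                enabled_ids.append(value.rsplit(':', 1)[0].strip())  # drop ':version'
            elif pref.startswith(SEARCH_PREFS):
                findings.append(Finding('search/homepage pref', f'{pref} = {value}', ':otl'))
        elif m := MISSING_RE.match(line):
            missing.append(_basename(m['path']))
        elif m := APPINIT_RE.match(line):
            rest = m['rest']
            if rest == 'File not found':
                detail = f"{m['short']} (file missing; registry entry still present)"
            else:
                path, _, company = rest.rpartition(' (')
                detail = f"{path} [{company.rstrip(')')}]"
            findings.append(Finding('AppInit_DLLs', detail, ':otl'))
        elif m := ADS_RE.match(line):
            findings.append(Finding('alternate data stream',
                                    f"{m['path']}:{m['stream']} ({m['size']} bytes)", ':otl'))
        elif m := ENTRY_RE.match(line):
            if m['path'].lower().endswith('.job'):
                owner = m['company'] or 'no company name'
                findings.append(Finding('scheduled task', f"{m['path']} [{owner}]", ':files'))
    # Cross-reference: an extension still enabled in prefs.js whose folder is gone.
    for ext_id in enabled_ids:
        if ext_id.lower() in missing:
            findings.append(Finding('orphaned extension',
                                    f'{ext_id} enabled in prefs.js but its folder is missing', ':otl'))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per category."""
    return dict(Counter(f.kind for f in findings))


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:7} {f.kind:22} {f.detail}')
```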

Re: need help removing any malware

Unread post by agl01 » June 20th, 2011, 6:33 pm

All processes killed
========== OTL ==========
Prefs.js: "Shareaza Web Search" removed from browser.search.defaultenginename
Prefs.js: "Shareaza Web Search" removed from browser.search.order.1
Prefs.js: "Shareaza Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.shareazaweb.com/" removed from browser.startup.homepage
Prefs.js: firefox@bandoo.com :5.0 removed from extensions.enabledItems
Prefs.js: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0 removed from extensions.enabledItems
Prefs.js: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0 removed from extensions.enabledItems
Prefs.js: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0 removed from extensions.enabledItems
Prefs.js: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.1.0.00 removed from extensions.enabledItems
Prefs.js: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0 removed from extensions.enabledItems
Prefs.js: "http://search.yahoo.com/search?fr=panda&type=panda2_0yatb&p=" removed from keyword.URL
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\Setup\ADA folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\Setup folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\components(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\searchbar(2)\engines(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\searchbar(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\options(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\icons(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\uwa(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2)\scripts(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2)\images(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2)\css(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\panels(2)\css(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2)\panels(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2)\lib(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\skin(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\locale(2)\toolbar(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\locale(2)\lib(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\locale(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\data(2)\search(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\data(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\content(2)\widgets(2)\net.vmn.www(2).shopping folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\content(2)\widgets(2)\net.vmn.www(2).Coupons folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\content(2)\widgets(2)\keypad(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\content(2)\widgets(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\content(2)\modules(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\content(2)\lib(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2)\content(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\chrome(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\Setup\ADA folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\Setup folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\components(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\searchbar(2)\engines(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\searchbar(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\options(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\icons(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\weatherbutton(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\uwa(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2)\scripts(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2)\images(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2)\css(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\panels(2)\css(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2)\panels(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2)\lib(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\skin(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\locale(2)\toolbar(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\locale(2)\lib(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\locale(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\data(2)\search(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\data(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\content(2)\widgets(2)\net.vmn.www(2).shopping folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\content(2)\widgets(2)\net.vmn.www(2).Coupons folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\content(2)\widgets(2)\keypad(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\content(2)\widgets(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\content(2)\modules(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\content(2)\lib(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2)\content(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3)\chrome(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(3) folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\components folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\skin folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\content\data\search folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\content\data folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome\content folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}\chrome folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593} folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-24-Aug-2010-23-49-23-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-08-Jan-2011-20-04-52-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-05-Nov-2010-01-54-12-GMT folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\extensions\toolbar@ask.com folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\bing-zugo.xml moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\MyStart Search.xml moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\searchplugins\ShareazaWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll scheduled to be deleted on reboot.
c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll scheduled to be deleted on reboot.
c:\Program Files\Shareaza Applications\MediaBar\DataMngr\IEBHO.dll moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll scheduled to be deleted on reboot.
File c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\bandoo\bndhook.dll scheduled to be deleted on reboot.
Unable to delete ADS C:\Documents and Settings\user\My Documents\Shareaza Downloads:Shareaza.GUID .
Unable to delete ADS C:\Documents and Settings\user\My Documents\Music Downloads:Shareaza.GUID .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C43ED645 .
========== FILES ==========
File move failed. C:\WINDOWS\tasks\Registry Reviver-user-Startup.job scheduled to be moved on reboot.
File move failed. C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job scheduled to be moved on reboot.
C:\Documents and Settings\user\Local Settings\Application Data\k53phh05m63xl61w50p78u3805prg moved successfully.
C:\Documents and Settings\All Users\Application Data\k53phh05m63xl61w50p78u3805prg moved successfully.
C:\Documents and Settings\user\Application Data\AskToolbar folder moved successfully.
C:\Documents and Settings\user\Application Data\imeshbandmltbpi folder moved successfully.
C:\Documents and Settings\user\Application Data\OpenCandy\OpenCandy_DD199A27AAD143F7ACEB0490976D5720 folder moved successfully.
C:\Documents and Settings\user\Application Data\OpenCandy\OpenCandy_4BE99268E44746CF98E905EC356F683B folder moved successfully.
C:\Documents and Settings\user\Application Data\OpenCandy folder moved successfully.
C:\Documents and Settings\user\Application Data\shareazamediabartb\widgets_cache folder moved successfully.
C:\Documents and Settings\user\Application Data\shareazamediabartb\weather folder moved successfully.
C:\Documents and Settings\user\Application Data\shareazamediabartb\games folder moved successfully.
C:\Documents and Settings\user\Application Data\shareazamediabartb folder moved successfully.
C:\Documents and Settings\user\Application Data\pandasecuritytb(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\pandasecuritytb(3)\widgets_cache(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\pandasecuritytb(3)\weather(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\pandasecuritytb(3)\shopping(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\pandasecuritytb(3)\coupons(2) folder moved successfully.
C:\Documents and Settings\user\Application Data\pandasecuritytb(3) folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: user
->Temp folder emptied: 34248 bytes
->Temporary Internet Files folder emptied: 11050735 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 745 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 784 bytes

Total Files Cleaned = 11.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.24.1 log created on 06202011_172705

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
agl01
Regular Member
 
Posts: 23
Joined: June 15th, 2011, 6:45 pm
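A helper reading an OTL fix log like the one above mainly wants to know which removals are still pending a reboot (the AppInit_Dlls load points in particular, since DLLs listed there are loaded into every process that uses user32.dll) and which alternate data streams could not be removed. The following Python is an added example, not part of this thread or of OTL itself; its sample input is a handful of lines taken from the log above, and the line patterns are modelled on that log's wording.

```python
"""Summarise an OTL fix log: what moved, what is pending reboot, what failed."""
import re
from dataclasses import dataclass, field

# Line patterns modelled on the OTL log posted in this thread.
REBOOT_REG = re.compile(r"^Registry delete failed\. (?P<key>.+?) scheduled to be deleted on reboot\.$")
REBOOT_FILE = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
ADS_FAIL = re.compile(r"^Unable to delete ADS (?P<path>.+?) \.$")
REG_DELETED = re.compile(r"^Registry (?:value|key) (?P<key>.+?) deleted successfully\.$")
NOT_FOUND = re.compile(r"^(?:Registry key|File) (?P<item>.+?) not found\.$")
PREFS = re.compile(r"^Prefs\.js: (?P<value>.+?) removed from (?P<pref>\S+)$")
MOVED = re.compile(r"^(?P<path>.+?) (?:folder )?moved successfully\.$")


@dataclass
class OtlSummary:
    moved: list = field(default_factory=list)
    reg_deleted: list = field(default_factory=list)
    prefs_reset: list = field(default_factory=list)     # (pref, value) pairs
    pending_reboot: list = field(default_factory=list)  # could not be removed while Windows ran
    ads_failed: list = field(default_factory=list)
    not_found: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)

    def appinit_dlls(self):
        """Pending AppInit_Dlls entries: a persistence load point worth re-checking after reboot."""
        return [k for k in self.pending_reboot if "appinit_dlls" in k.lower()]


def parse_otl_log(text: str) -> OtlSummary:
    s = OtlSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):      # blank or "========== FILES ==========" header
            continue
        if m := REBOOT_REG.match(line):
            s.pending_reboot.append(m["key"])
        elif m := REBOOT_FILE.match(line):
            s.pending_reboot.append(m["path"])
        elif m := ADS_FAIL.match(line):
            s.ads_failed.append(m["path"])
        elif m := REG_DELETED.match(line):
            s.reg_deleted.append(m["key"])
        elif m := NOT_FOUND.match(line):
            s.not_found.append(m["item"])
        elif m := PREFS.match(line):
            s.prefs_reset.append((m["pref"], m["value"]))
        elif m := MOVED.match(line):
            s.moved.append(m["path"])
        else:
            s.unparsed.append(line)
    return s


def report(summary: OtlSummary) -> str:
    """Plain-text summary, pending-reboot items first because they still need verifying."""
    out = [f"Pending reboot ({len(summary.pending_reboot)}):"]
    out += [f"  {item}" for item in summary.pending_reboot]
    if summary.appinit_dlls():
        out.append("  ! AppInit_Dlls load points still present; verify the value is empty after reboot")
    out.append(f"ADS not removed ({len(summary.ads_failed)}):")
    out += [f"  {item}" for item in summary.ads_failed]
    out.append(f"Moved: {len(summary.moved)}, registry deleted: {len(summary.reg_deleted)}, "
               f"prefs reset: {len(summary.prefs_reset)}, not found: {len(summary.not_found)}, "
               f"unparsed: {len(summary.unparsed)}")
    return "\n".join(out)


# Constructed sample: lines copied from the OTL log above.
SAMPLE = r"""
Prefs.js: "http://search.shareazaweb.com/" removed from browser.startup.homepage
Prefs.js: firefox@bandoo.com :5.0 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml moved successfully.
C:\Documents and Settings\user\Application Data\AskToolbar folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\bandoo\bndhook.dll scheduled to be deleted on reboot.
File c:\Program Files\Shareaza Applications\MediaBar\DataMngr\datamngr.dll not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C43ED645 .
========== FILES ==========
File move failed. C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    print(report(parse_otl_log(SAMPLE)))
```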

Re: need help removing any malware

Unread postby melboy » June 20th, 2011, 6:48 pm

Hi

melboy wrote: Let me know how things are running after running OTL.

How are things running?


Update Java Runtime

You are using an old version of Java. Oracle's Java (was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Oracle Java is: Java Runtime Environment Version 6 Update 26.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition. Java SE 6 Update 26"
  • Click the Download JRE button to the right.
  • Check the box to Accept License Agreement
  • In the list of files, look to Windows x86 Offline & click on the link to the right which says "jre-6u26-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java(TM) 6 Update 16
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

You should still have this on your desktop.

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.



Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, please copy & paste the contents of:
    • DDS.txt
And post it in your next reply.




In your next reply:
  1. DDS.txt
  2. ESET log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: need help removing any malware

Unread postby agl01 » June 21st, 2011, 11:34 am

There's a noticeable improvement..IE and Outlook loading faster than before. I will do those other items after I get off work and on to my computer. Let me know how to donate/pay for the services herein.

Thanks, Jerry
agl01
Regular Member
 
Posts: 23
Joined: June 15th, 2011, 6:45 pm

Re: need help removing any malware

Unread postby melboy » June 21st, 2011, 12:42 pm

Hi

Thank you. That would be very much appreciated. Our help is always free, but any donation to help with the running costs of this volunteer site is always gratefully received. I will give you further information in due course when we have finished cleaning your PC. :)


In your next reply:
  1. DDS.txt
  2. ESET log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: need help removing any malware

Unread postby agl01 » June 22nd, 2011, 7:43 am

DDS:
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by user at 6:41:13 on 2011-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2429 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpyShelter] c:\program files\spyshelter personal free\SpyShelter.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\www.update
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6968886C-7FB3-4ADD-86DC-AF2A1D778319} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\sharea~1\mediabar\datamngr\iebho.dll c:\progra~1\sharea~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.6.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\22nsm24y.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\shareaza applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - c:\documents and settings\all users\application datamozilla\extensions\superfish@superfish.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-1-19 28552]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]
R1 SpyShelter;SpyShelter;c:\program files\spyshelter personal free\SpyShelter.sys [2011-1-25 158192]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-1-18 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-19 366640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2011-3-4 584488]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-4-28 143432]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-19 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-15 1684736]
S3 mr8980;Digital Wireless Camera;c:\windows\system32\drivers\mr8980.sys [2010-7-16 69632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-06-21 23:22:09 -------- d-----w- c:\program files\ESET
2011-06-21 23:04:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 23:04:07 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-21 23:04:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-21 12:21:40 -------- d-----w- c:\documents and settings\user\AbiSuite
2011-06-21 12:20:46 -------- d-----w- c:\program files\AbiSuite2
2011-06-20 22:27:05 -------- d-----w- C:\_OTL
2011-06-20 01:15:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 01:14:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 01:14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-17 12:51:42 -------- d-----w- C:\0936a25e2e974c8c1057
2011-06-16 22:17:32 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 12:25:49 50247 ----a-w- c:\program files\common files\microsoft shared\proof\Uninstal.exe
2011-06-16 02:45:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 00:02:28 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
2011-06-15 23:22:58 29544 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2011-06-15 23:05:02 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-15 22:38:51 -------- d-----w- c:\program files\Trend Micro
2011-06-15 00:53:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-15 00:53:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-14 23:34:08 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 01:01:45 -------- d-----w- c:\windows\system32\CatRoot2
2011-05-30 22:39:43 -------- d-----w- c:\documents and settings\user\application data\Superfish
2011-05-30 22:39:23 -------- d-----w- c:\program files\Superfish
2011-05-30 22:39:12 -------- d-----w- c:\documents and settings\all users\Application DataMozilla
2011-05-30 17:34:32 -------- d-----w- C:\48ff03d23d8e16dee0
2011-05-28 13:10:12 -------- d-----w- c:\program files\Nero
2011-05-28 13:10:04 -------- d-----w- c:\documents and settings\all users\application data\Nero
2011-05-28 13:09:14 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-05-28 13:09:02 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-05-28 13:08:55 -------- d-----w- c:\windows\Logs
.
==================== Find3M ====================
.
2011-05-04 03:04:16 28672 ----a-w- c:\windows\system32\SpyShelterShellExt.dll
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 21:47:02 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2011-04-28 11:57:57 112456 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2011-04-28 11:57:38 97096 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2011-04-28 11:57:38 143432 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2011-04-28 11:57:38 129992 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2011-04-28 11:57:38 111688 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 6:41:53.54 ===============


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=67377ef6ee88c34aba5e6e5a51b39907
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-22 12:51:47
# local_time=2011-06-21 07:51:47 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 434900 434900 0 0
# compatibility_mode=768 16777215 100 0 29865304 29865304 0 0
# compatibility_mode=1538 16774118 20 3 0 136301521 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=62540
# found=10
# cleaned=0
# scan_time=5076
C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\BlubsterSetup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\psuite45.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\rb09_4_4_0_17.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\InternationalPrimoPDF.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\rb09_4_4_0_17.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\ShareazaV6.exe a variant of Win32/Adware.Toolbar.Shopper.AA application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\weatherbug.exe a variant of Win32/Adware.Gator.Trickler.J application (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=67377ef6ee88c34aba5e6e5a51b39907
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-22 02:13:41
# local_time=2011-06-21 09:13:41 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 440209 440209 0 0
# compatibility_mode=768 16777215 100 0 29870613 29870613 0 0
# compatibility_mode=1538 16774118 20 3 0 136306830 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=62557
# found=10
# cleaned=0
# scan_time=4682
C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\BlubsterSetup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\psuite45.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\rb09_4_4_0_17.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\InternationalPrimoPDF.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\rb09_4_4_0_17.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\ShareazaV6.exe a variant of Win32/Adware.Toolbar.Shopper.AA application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\weatherbug.exe a variant of Win32/Adware.Gator.Trickler.J application (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=67377ef6ee88c34aba5e6e5a51b39907
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-22 04:25:11
# local_time=2011-06-21 11:25:11 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 445066 445066 0 0
# compatibility_mode=768 16777215 100 0 29875470 29875470 0 0
# compatibility_mode=1538 16774118 20 3 0 136311687 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=84946
# found=10
# cleaned=0
# scan_time=7715
C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\BlubsterSetup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\psuite45.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\rb09_4_4_0_17.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\InternationalPrimoPDF.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\rb09_4_4_0_17.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\ShareazaV6.exe a variant of Win32/Adware.Toolbar.Shopper.AA application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\weatherbug.exe a variant of Win32/Adware.Gator.Trickler.J application (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=67377ef6ee88c34aba5e6e5a51b39907
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-22 05:47:18
# local_time=2011-06-22 12:47:18 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 452850 452850 0 0
# compatibility_mode=768 16777215 100 0 29883254 29883254 0 0
# compatibility_mode=1538 16774118 20 3 0 136319471 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=112861
# found=10
# cleaned=0
# scan_time=4858
C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\BlubsterSetup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\psuite45.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\rb09_4_4_0_17.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\program installs BUS\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\InternationalPrimoPDF.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\rb09_4_4_0_17.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\ShareazaV6.exe a variant of Win32/Adware.Toolbar.Shopper.AA application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\programinstalls\weatherbug.exe a variant of Win32/Adware.Gator.Trickler.J application (unable to clean) 00000000000000000000000000000000 I
agl01
Regular Member
 
Posts: 23
Joined: June 15th, 2011, 6:45 pm